Quantum Computer Chip

One popular use for the quantum computer is the factorization of big numbers. If one could factor a big number as quickly as it can be multiplied from its prime components the RSA algorithm would be broken. Theory says that this should be possible, but no practical implementation has been seen so far. The most important obstacle is the quantum noise that leads to random changes in quantum states.

Researchers at the university of Bristol have found a way to cram a complete quantum computer on one silicon chip. However, the largest number they can factor right now is 15. Also, the peripheral devices still fill up a complete desktop.

In order to factor larger numbers the quantum computer needs more degrees of freedom, which are called 'qbits'. Miniaturizing the computer might help with increasing the number of qbits.

Whole Genome Amplification allows DNA Spoofing

Israele researchers found that using a variant of polymerase chain reaction called 'whole genome amplification' it is possible to produce macroscopic amounts of DNA from very small samples. This can be used to create fake evidences at crime scenes. The fabricated samples have been tested with commercially available test kits.

This underlines two insights we all should know since long:

• Don't trust on DNA alone to convict people
• Be careful with large databases - their contents might be stolen

Update (209-08-20): Another Israeli company, Nucleix, claims that they have a DNA analysis kit that can distinguish between real and amplificated DNA. This looks ver much like another armamaent race to me.

Email Stamps

CentMail is new attempt to fight spam by using digital stamps.It is backed by Yahoo research. The proceedings from centmail go to a charity chosen by the sender.
It is well known that even such a small cost for sending out spam will kill the business modell of most spammers. However, it remains to be seen how email receivers will react to these stamps. I would consider acknowledging them in my spamassassin rules.
Also note that people still need to guard against malware received by email even if such a system becomes popular, as a targeted malware infection may have a completely different business model.
Anyway, the money is well spent even if it doesn't kill spam immediately.

Formally Evaluated Microkernel Sourcecode

Australian researchers have published a formal proof of the correctness of a L4 microkernel. They used the theorem prover Isabelle to achieve this. L4 is a microkernel, not an operating system. It performs only very elementary functions like memory management and controlling processes as well as interprocess communication.
Additional operating system functionality, like networking or file systems are implemented outside of the kernel.
If this works out, meaning that the proof holds and the kernel runs at a reasonable speed, this would mean thet this the world's fist bug-free operating system kernel source code. Note the defensive wording, there might still be errors in the specification, the services outside of the service or the C compiler.
Unfortunately, it wont't run on smart cards, as it's target architecture is ARM11 and x86. Also, to gain a formally proven secure smart card kernel one would have to prove also security against hardware glitches and attacks.

AES Weaknesses

Recent attacks on AES (see here and here) have shown weaknessesn in the AES key schedule. In short, they managed to recover the key of an 256-bit AES with a complexity of 2¹¹⁹ and 192-bit AES with complexity 2¹⁷⁶. If this results holds, AES-256 is not better then AES-128. For the time being, there are no practical implications, as all three algorithms still can be considered practically secure.

Economics of Spam

An experiment about spam conversion rate (the rate by which spam emails result in purchases) show that less than 0.00001% of spam emails result in sales. The experiment was performed by infiltrating the storm botnet and sending out spam emails referring to fake sales pages operated by the researchers (I won't comment on whether I consider this method ethically acceptable. At least, no damage is done to the test subjects).
As sending out spam comes with a cost, this low conversion rate poses a problem to the spammers. The authors assume that the retail price for sending out spam is $80/million spam mails. That's not a business because one million emails result in only 0.1 conversions by the conversion rate quoted above.
The conclusion in the cited paper is that the storm botnet is "vertically integrated" and thus operates at lower costs than $80 per million of sent spam emails.
The good news is that spam business seems to operate at the border of profitability. If this is true, then measures that reduce spam profitabiity further might effectively reduce the quantity of spam.

Elliptic Curves Tested in Lausanne

Researchers at École Polytechnique Fédérale de Lausanne have cracked a 112 bit encryption based on elliptic curves (more exactly secp112r1) using 700 machine-months of the Sony playstation PS3.

Experiments of this sort are important to judge the security of real-life applications: At the moment elliptic curves betwen 160 and 256 bits are used. As the number of processor cycles required for a brute-force-attack grows exponentially with the number of bits there is quite some headroom left.